Each federally insured credit union will:
- Develop a written security program within 90 days of the effective date of insurance, designed to protect each credit union office from robberies, burglaries, larcenies, and embezzlement;
- Ensure the security and confidentiality of member records,
- Protect against the anticipated threats or hazards to the security or integrity of such records, and
- Protect against unauthorized access to or use of such records that could result in substantial harm or serious inconvenience to a member;
- Respond to incidents of unauthorized access to or use of member information that could result in substantial harm or serious inconvenience to a member;
- Assist in the identification of persons who commit or attempt such actions and crimes,
- Prevent destruction of vital records as defined in 12 CFR Part 749, and
- Dispose of any consumer information the Federal credit union maintains or otherwise possesses
Cybersecurity
Third Parties
Credit union officials are responsible for planning, directing, and controlling the credit union’s affairs. To fulfill these duties, the officials should require a due diligence review prior to entering into any arrangement with a third party. Each credit union should:
- Exercise appropriate due diligence in selecting its service providers;
- Require its service providers by contract to implement appropriate measures designed to meet the objectives of these guidelines; and
- Where indicated by the credit union's risk assessment, monitor its service providers to confirm that they have satisfied their obligations
Business Continuity
- All credit unions must have a written program that includes plans for safeguarding records and reconstructing vital records.
Federal Financial Institutions Examination Council (FFIEC) Guidance
The FFIEC Information Technology Examination Handbook is comprised of individual booklets. These booklets represent a series of updates to the existing 1996 FFIEC Information Systems Examination Handbook. They address significant changes in financial institution technology since 1996. They incorporate changes in technology-related risks and controls and follow a risk-based approach to evaluating risk management practices. The booklets provide valuable information to both examiners and financial institution management.
- Audit
- Business Continuity Management
- Information Security
- Management
- Outsourcing Technology Services
- Retail Payment Systems
- Supervision of Technology Service Providers (TSP)
- Wholesale Payment Systems
Reports to Congress
Cybersecurity and Credit Union System Resilience - June 27, 2022
Cybersecurity and Credit Union System Resilience - June 30, 2021